SAML SSO Configuration Guide
This guide includes information and FAQs to help you successfully configure your SAML SSO.
Requirements
- Your Empower Platform must be SSL enabled.
- Users who need to log in using SAML SSO must have valid email addresses in Empower.
- Access Empower over HTTPS.
- Locate Empower's Entity ID. Empower's default Entity ID is https://<empower-url>/Saml2.
- Locate the metadata for your SAML Identity Provider, including their Entity ID and Metadata URL.
- The user's signing algorithm must be set to a minimum of SHA256.
Which SAML 2.0 profile does Empower adopt?
Empower adopts the Web Browser SSO profile, the most widely used SAML 2.0 profile.
What will Empower Login look like with SAML SSO enabled?
For users who have SSO access
- The user navigates to any page that requires login.
- Empower redirects the browser to the Login page.
- The user enters their email address as the Username and clicks the Continue button. Empower then redirects the browser to the SSO Login page.
- The user enters their email address and password to sign in to the SSO service. MFA may also be required, depending on the Identity Provider’s settings.
- The browser returns to the Empower site. If the SSO user is also an authorized Empower user, Empower automatically signs the user in.
For users who don’t have SSO access
- The user navigates to any page that requires login.
- Empower redirects the browser to the Login page.
- The user enters their username or email address as the Username and clicks the Continue button. Empower then shows the built-in Login page.
- The user enters their password to sign in.
Steps to enable SAML SSO
1. Make sure you are accessing the Empower application over HTTPS.
2. Navigate to Server Home > Configure Server > Application Settings.
3. Configure the following under the SAML SSO Options section:
3.1 Enter your corporate domain in Domains. Multiple domains are delimited by semi-colons. Empower uses this setting to determine whether to perform an SSO login for a specific user.
3.2 Enter the Entity ID of Empower (Service Provider).
3.3 Enter the Identity Provider’s Entity ID and Metadata URL. The Metadata URL can also be a path to the metadata file, such as C:/SAML2/IdP_Metadata.xml or ~/App_Data/IdP_Metadata.xml.
4. Download Empower’s metadata by clicking the Download Metadata link next to the header SAML SSO Options.
5. Register your Empower application as a Service Provider in your SAML Identity Provider. Refer to your SAML Identity Provider website for details.
6. Turn on SSO by setting the option Enable SAML SSO to Yes, then test the SSO login.